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CLAIMS 

\ 1 . An apparatus for selectively encrypting data sent over a network 

betweema server and a client, comprising: 

means for parsing a first portion of the data from a second portion of the data; 

means for encrypting only the first portion of the data; and 

means tor combining the encrypted first portion of the data with the second 

portion of the data^^ which is not encrypted. 

2. An apparatus of claim I, wherein the data is streaming data. 

3. An apparatus\)f claim I, wherein the first portion of the data is 
information constituting payloa^^data and comprising multimedia data. 

4. An apparatus of claim\l, wherein the second portion of the data is non- 
payload data containing at least one of a^eader, control data and routing data. 

5. An apparatus of claim 1, furthelvcomprising means for sending the 
combined first and second portions of the data ovter the network to the client. 

6. An apparatus of claim 1, further comprising means for receiving the 
data from the server. \ 

7. An apparatus of claim 1, frirther comprising means for establishing a 
data stream between the server and the client. \ 
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8. An apparatus of claim 1 , further comprising key-negotiating means for 
negotiatingan encryption key with the cHent. 

9. apparatus of claim 8, wherein key negotiation can occur 
5 dynamically throu^^ut the process of streaming and encryption. 

10. An apparatus of claim 9, wherein encryption by the encrypting means 
is transparent to the server. \ 

10 11. An apparatus of claim 8, wherein key negotiation can determine the 

correctness of the result. \ 

12. An apparatus of claim 1, furtner comprising decrypting means installed 
at the client for decrypting the combined first artd second portions of the data, 

15 \ 

13. An apparatus of claim 1, wherein the pSM-sing means parses the data 
into different portions based on media format. \ 

14. An apparatus of claim 1, wherein the encryptirvs means encrypts the 
20 first portion of the data based on media format. \ 

15. An apparatus of claim 1, wherein the apparatus is immemented as one 
of an application and plug-in object, \ 
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A server equipped with the apparatus of claim 1. 

17. \a method for selectively encrypting data composed of first and second 
portions which differ from each other in at least on characteristic, the data being sent 
over a network between a server and a client, comprising: 

parsing the datkinto the first and second portions; 
encrypting only tne first portion of the data; and 

sending the encrypted first portion and the second portion of the data over the 
network to the client. \ 

18. A method of claim 1 A fiirther comprising receiving the data from the 
server. \ 

19. A method of claim 17, fiirther^comprising deteraiining whether a 
stream is established between the server and the\client. 

20. A method of claim 17, further comprising negotiating an encryption 
key with the client. \ 

21. A method of claim 20, wherein the data is strewing data sent from the 
server during a streaming session and said step of negotiating the encryption key is 
carried out throughout the streaming session. \ 
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A method of claim 20, flirther comprising terminating a streaming 
session if it is found that the encryption key is invalid. 




23. A method claim 17, wherein the encryption key is negotiated with a 
5 decryption shim on the client. 

24. A method Vf claim 17, fUrther comprising determining whether the 
data is streaming data. \ 

10 25. A method of claim V4, further comprising ignoring the data if the data 

is not streaming data. \ 

26. A method of claim 17, furth^ comprising determining whether a shim 
is present on the client. \ 

15 \ 

27. A method claim 26, further comprising deploying a shim if it is 
determined that the shim is not present on the client. \ 

28. A method of claim 17, further comprising determining whether an 
20 encryption key is current. \ 

29. A method of claim 17, wherein the data includes a paVload data 
portion and at least one of a header, control data and routing data. \ 



25 



# 



\30. A method of claim 29, wherein the first portion of the data is the 
payload obXsl portion. 

3 1 . ASmethod of claim 1 7, further comprising determining whether a 
5 packet is the last inXdata stream. 

32. A method oXplaim 31, further comprising receiving feedback from a 
decryption shim on the client iiat is determined that the packet is not the last packet in 
the data stream. \ 

10 \ 

33. A method of claim 1 7, further comprising determining whether the 
client is compromised. \ 

34. A method of claim 33, further comprising continuing parsing the data 
15 into the first and second portions if it is determined thatsthe client is not compromised. 

35. A method of claim 33, further comprising termfnating a streaming 
session if it is determined that the client is compromised. \ 

20 36. A method for decrypting, at a client, data composed of the^rst and 

second portions which differ from each other in at least on characteristic, theSlata 
being sent over a network to the client from an encryption source which encryptssthe 
first portion, comprising: \ 



26 



Veceiving the data sent over the network from the encryption source to the 
cUent; \ 

parsmg the data into the first and second portions; 
decrypting only the first portion of the data; and 

passing thevdecrj^ted first portion of the data to a higher level of operations. 

37. A methoa\pf claim 36, fiirther comprising determining whether the 
data is an encrypted streamX 

38. A method of claim\37, fiirther comprising passing the data to higher 
layers when it is determined that the^data is an encrypted stream. 

39. A method of claim 36, fiirtnter comprising negotiating a decryption key 
with the encryption source. \ 

40. A method of claim 39, wherein the d\ta is streaming data sent from the 
encryption source during a streaming session and said step of negotiating the 
decryption key is carried out throughout the streaming session. 

41 . A method of claim 39, further comprising termination of the encrypted 
stream if the encryption key is invalid. \ 

42. A method of claim 36, wherein the first portion of the data is a payload 
data portion. \ 
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43. A method of claim 36, further comprising determining whether a 
packet is a la$t packet in a data stream. 

44. A method of claim 43, further comprising sending feedback to the 
encryption source if it iX^etermined that the packet is not the last packet in the data 
stream. \ 

45. A method of claim 36, further comprising determining whether the 
client is compromised. \ 

46. A method of claim 45, further comprising continuing parsing the data 
into the first and second portions if it is determineothat the client is not compromised. 

47. A method of clairn 45, further comprising tbmiinating a streaming 
session if it is determined that a packet is a last packet in a datavstream or if the client 
is compromised. \ 
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